Who watches the watchers? Big Data goes unchecked

The National Security Agency might be tracking your phone calls. But private industry is prying far more deeply into your life.

Commercial data brokers know if you have diabetes. Your electric company can see what time you come home at night. And tracking companies can tell where you go on weekends by snapping photos of your car’s license plate and cataloging your movements.

Text Size

-

+

reset

Private companies already collect, mine and sell as many as 75,000 individual data points on each consumer, according to a Senate report. And they’re poised to scoop up volumes more, as technology unleashes a huge wave of connected devices — from sneaker insoles to baby onesies to cars and refrigerators — that quietly track, log and analyze our every move.

Congress and the administration have moved to rein in the National Security Agency in the year since Edward Snowden disclosed widespread government spying. But Washington has largely given private-sector data collection a free pass. The result: a widening gap in oversight as private data mining races ahead. Companies are able to scoop up ever more information — and exploit it with ever greater sophistication — yet a POLITICO review has found deep reluctance in D.C. to exercise legislative, regulatory or executive power to curb the big business of corporate cybersnooping.

The inertia — and lack of a serious legislative push — on private-sector data mining has several causes. Many Republicans are averse to any new regulation of business. Many Democrats are skittish about alienating campaign donors in Silicon Valley.

It’s been more than two years since President Barack Obama announced — after two years of deliberation — that he would push for a Consumer Privacy Bill of Rights. Since then, no legislation has been introduced to implement it, and no regulations have been crafted. White House officials now acknowledge the proposal is outdated and may have been so on the day it was introduced.

Earlier this month, the White House again raised warnings about the erosion of personal privacy, with a report that clearly delineated the risks, as well as the promise, of the big data revolution — before calling for still more study.

Polls suggest that Americans want more protections. A national survey by Pew Research last fall found two-thirds of Internet users said current laws weren’t adequate to protect consumer privacy online.

But far from cracking down, the administration has floated several proposals for using data mining to advance its goals. The Pentagon, for instance, is considering tapping into commercial data banks to monitor the behavior of employees and contractors with top security clearances, so it can keep an eye out for bankruptcies, domestic violence charges or other signs of instability.

Senate Commerce Committee Chairman Jay Rockefeller (D-W.Va.), who has introduced legislation to rein in private data brokers, sounds resigned to the Internet remaining a kind of free-for-all for cybersnooping.

“Once we decided we’re going with the Internet, we gave up our privacy,” he said in an interview. “It’s always the double side: It’s the greatest discovery ever made and also one of the worst things that ever happened.”

Asked if he sees a disconnect between the intense focus on NSA surveillance and the hands-off approach to private-sector data mining, Rockefeller responded: “You better believe it.”

Companies that see big profits in big data are pushing back against any talk of a crackdown. Their mantra: Regulation could stifle innovation.

“This is a situation in which technology, new data uses and new approaches are occurring and evolving very rapidly, and so if parameters were engraved in legislative stone, it could easily be the wrong measure, the wrong safeguards … and may very well inhibit the development of useful and socially desirable businesses and technology,” said Alan Raul, a lawyer for technology companies and a former member of George W. Bush’s White House privacy board.

Some tech titans have also tried to point a finger back at government, pushing for the administration to focus on reining in the NSA. Facebook founder Mark Zuckerberg, for instance, personally lobbied Obama to curb the NSA after allegations surfaced that the agency may have used social media services to deliver computer viruses that helped it conduct surveillance.

“I’ve called President Obama to express my frustration over the damage the government is creating for all of our future,” Zuckerberg wrote on his Facebook page in March. The government, he wrote, must be “much more transparent about what they’re doing, or otherwise people will believe the worst.”

‘IT’S KIND OF CREEPY’

The technological advances and cheap data storage have created surveillance opportunities that make logging phone calls look downright quaint.

At the mall, the corner store or the casino, hidden cameras may be snapping photos of your face and relaying them to companies that identify you, note your habits and trace your movements.

Your TV’s set-top box may soon be able to sense what you’re doing while you’re watching a show — snacking? snuggling? mopping? — and broadcast ads appropriate to the situation.

At school, your child’s online textbooks may be tracking his every click to understand how his brain works. Some publishers boast that they can tell when a student is on the verge of forgetting, say, how to multiply fractions — and can then send him a lesson custom-tailored to his learning style to fix that skill permanently in his memory.

Rep. Jason Chaffetz (R-Utah), who has fought NSA surveillance and is pushing a bill to limit government use of GPS-type data, seemed surprised when told by POLITICO about how much information on individuals is held in commercial databases.

“It’s kind of creepy,” he said. “People have a reasonable expectation of privacy from not only their government but from other individuals as well.”

In talking up big data, companies tout innovations they say will make the world safer, more convenient and more efficient. Automobile companies, for instance, are developing “connected cars” able to communicate with one another — and with stop signs and traffic lights and even nearby pedestrians — in hopes of making driving far less risky.

From a consumer perspective, the possibilities are almost endless. It could be quite handy to have a refrigerator that notes when the milk is expiring and automatically orders more. Some women might love a bra that senses emotions and texts them when stress levels rise.

By 2020, there could be more than 30 billion wireless devices connected to the Internet worldwide, according to ABI Research.

The trade-off: The more data these gadgets collect, the more intimate details they can expose.

“Are they going to be little snitches in our pockets, or are they going to be under our control and serving us?” asked Jay Stanley, a senior policy analyst with the American Civil Liberties Union.

Privacy advocates fear all this information will find its way to the commercial data brokers who compile and sell profiles packed with details about individuals’ health, behavior, interests and preoccupations, including education level, political and religious affiliations, and address, phone numbers and email accounts.

Some data brokers slice and dice consumer profiles into categories such as “Ethnic Second-City Strugglers,” “X-tra Needy” and “Fragile Families” for ease of marketing, the Senate Commerce Committee reported last year. One company sold lists of families afflicted by specific illnesses, from AIDS to gonorrhea — and even offered a specialty list of rape victims, until a reporter from The Wall Street Journal inquired about it.

It’s information that privacy advocates fear could be used to discriminate against individuals — or to target them with advertising cleverly designed to exploit vulnerabilities.

“We cannot even conceive of the ways our data is collected and then used to manipulate us at our weakest moments,” said Danielle Citron, a law professor and privacy scholar at the University of Maryland.

The industry responds that such concerns are overhyped.

Jennifer Glasgow, chief privacy officer for the data broker Acxiom, said the industry provides a valuable service by helping companies target their marketing more precisely. She said her company does not collect sensitive health information and sticks mainly to broad categories: Do you like golf? Do you drive a sports car or a minivan? What’s your ballpark income?

“Ferrari doesn’t want to bring people into the dealership for a free toaster oven if they’re in the $30,000 to $50,000 a year income range,” she said.

Acxiom launched a website last fall that lets consumers see their data files. About 250,000 have logged in to look, she said — and only 2 percent have opted to scrub their files from the system. About 20 percent have taken the time to correct the file, which suggests to Glasgow that they like having their information available to marketers.

“If you read a lot of the scare stories about data brokers … and then look at the site, you’ll be pleasantly underwhelmed,” Glasgow said. “You’re going to say, ‘That’s pretty accurate. It doesn’t scare me that they know about that.’”

SLOW GOING IN WASHINGTON

States have started to move on privacy protections, with a dozen passing laws in the past two years meant to safeguard citizens.

Utah has tried to put limits on the storage of license plate data captured by a growing network of cameras. California requires companies to make clear whether they honor the “do not track” signals on some web browsers. And a dozen states, including New Jersey, Colorado and Illinois, ban employers or schools from demanding access to social media accounts held by workers or students.